RealmFlags

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\<Realm-name>

Data type Range Default value
REG_DWORD 0 - 7 0

Description

A bitmask specifying additional features of a non-Windows-based Kerberos realm.

Computers running Windows  2000 can use a non-Windows Kerberos server to administer authentication, instead of using a Windows 2000 domain for Kerberos authentication. These systems participate in an Kerberos realm instead of a Windows domain. This entry establishes the features of the realm.

To enable a feature, set the bit representing the feature to 1, or sum the decimal or hexadecimal values representing each feature. For example, to enable all features, set the value of this entry to 7 (1 + 2 + 4).

Value Meaning
0 No additional features enabled.
1 Send address
2 TCP supported
4 Okay to delegate

Note Image Note

Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

Tip Image Tip

For more information about KSetup.exe, see Tools Help in the Windows 2000 Support Tools. For more information about Kerberos interoperability features, see MIT Kerberos 5 (krb5 1.0) Interoperability on the Windows 2000 Server Security Services Web site.